VirSCAN

File information
Safety rating:85
Behavior list
Basic Information
MD5:861a999e70b997dba365d235dddc0d1c
file type:EXE
Production company:MSI
version:4.0.0.6---4.0.0.06
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Key behavior
Behavior description:Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IBI..PFCHH
MSCTF.MarshalInterface.FileMap.IBI.B.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.C.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.D.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.E.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.F.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.G.PFCHH
Local\UrlZonesSM_Administrator
MSCTF.Shared.SFM.IBI
MSCTF.MarshalInterface.FileMap.IBI.H.DCNLH
MSCTF.MarshalInterface.FileMap.IBI.I.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.J.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.K.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.L.DDNLH
Behavior description:Sets special file attributes
details:C:\Program Files\MSI\MSI Gaming APP\GamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\GamingApp_Service.exe
C:\Program Files\MSI\MSI Gaming APP\SGamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\ADL.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\devcon.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\devcon64.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\MBAPI_x86.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\NDA.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\SetupICCS_9.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\amifldrv32.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\amifldrv64.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\SCEWIN.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\SCEWIN_64.exe
Behavior description:Hides a specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导,TApplication]
Behavior description:Kills a process
details:TargetProcess = MSIGAMINGAPP.EXE
Process behavior
Behavior description:Creates a process with a hidden window
details:ImagePath = c:\windows\system32\cmd.exe, CmdLine = "c:\windows\system32\cmd.exe" /c taskkill /f /im msigamingapp.exe
Behavior description:Creates a process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /c taskkill /f /im MSIGamingApp.exe
ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = taskkill /f /im MSIGamingApp.exe
Behavior description:Creates a process from a newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LUI7L.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LUI7L.tmp\996E.tmp" /SL5="$202A2,10458914,699392,C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446205448.270117.exe"
Behavior description:Enumerates processes
details:N/A
Behavior description:Kills a process
details:TargetProcess = MSIGAMINGAPP.EXE
File behavior
Behavior description:Creates executable files
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LUI7L.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-H9FH3.tmp\_isetup\_shfoldr.dll
C:\Program Files\MSI\MSI Gaming APP\is-7ART5.tmp
C:\Program Files\MSI\MSI Gaming APP\is-BVF0N.tmp
C:\Program Files\MSI\MSI Gaming APP\is-OCRQ7.tmp
C:\Program Files\MSI\MSI Gaming APP\is-UEOLR.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-5JI42.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-A2E21.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-ML3N3.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-239SJ.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-K2I5C.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-KDIJG.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-JOG5C.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\is-V5KN3.tmp
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\is-EO78R.tmp
Behavior description:Searches for files
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LUI7L.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-LUI7L.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
Behavior description:Sets special file attributes
details:C:\Program Files\MSI\MSI Gaming APP\GamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\GamingApp_Service.exe
C:\Program Files\MSI\MSI Gaming APP\SGamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\ADL.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\devcon.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\devcon64.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\MBAPI_x86.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\NDA.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\SetupICCS_9.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\amifldrv32.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\amifldrv64.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\SCEWIN.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\SCEWIN_64.exe
Behavior description:Maps a file with write permission
details:CiceroSharedMemDefaultS-*
MSCTF.MarshalInterface.FileMap.IBI..PFCHH
MSCTF.MarshalInterface.FileMap.IBI.B.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.C.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.D.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.E.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.F.PFCHH
MSCTF.MarshalInterface.FileMap.IBI.G.PFCHH
Local\UrlZonesSM_Administrator
MSCTF.Shared.SFM.IBI
MSCTF.MarshalInterface.FileMap.IBI.H.DCNLH
MSCTF.MarshalInterface.FileMap.IBI.I.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.J.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.K.DDNLH
MSCTF.MarshalInterface.FileMap.IBI.L.DDNLH
Behavior description:Renames files
details:C:\Program Files\MSI\MSI Gaming APP\is-7ART5.tmp ---> C:\Program Files\MSI\MSI Gaming APP\unins000.exe
C:\Program Files\MSI\MSI Gaming APP\is-BVF0N.tmp ---> C:\Program Files\MSI\MSI Gaming APP\GamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\is-3Q0MO.tmp ---> C:\Program Files\MSI\MSI Gaming APP\GamingApp.ico
C:\Program Files\MSI\MSI Gaming APP\is-OCRQ7.tmp ---> C:\Program Files\MSI\MSI Gaming APP\GamingApp_Service.exe
C:\Program Files\MSI\MSI Gaming APP\is-UEOLR.tmp ---> C:\Program Files\MSI\MSI Gaming APP\SGamingAPP.exe
C:\Program Files\MSI\MSI Gaming APP\is-RSRJ3.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Show
C:\Program Files\MSI\MSI Gaming APP\is-4LF5N.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Support.cfg
C:\Program Files\MSI\MSI Gaming APP\Lib\is-5JI42.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\ADL.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\is-A2E21.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\devcon.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\is-ML3N3.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\devcon64.exe
C:\Program Files\MSI\MSI Gaming APP\Lib\is-239SJ.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\MBAPI_x86.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\is-K2I5C.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\NDA.dll
C:\Program Files\MSI\MSI Gaming APP\Lib\is-KDIJG.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\is-JOG5C.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\NTIOLib_X64.sys
C:\Program Files\MSI\MSI Gaming APP\Lib\is-V5KN3.tmp ---> C:\Program Files\MSI\MSI Gaming APP\Lib\SetupICCS_9.exe
Behavior description:Modifies file contents
details:C:\Program Files\MSI\MSI Gaming APP\is-3Q0MO.tmp---> Offset = 262144
C:\Program Files\MSI\MSI Gaming APP\is-RSRJ3.tmp---> Offset = 0
C:\Program Files\MSI\MSI Gaming APP\is-4LF5N.tmp---> Offset = 0
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\is-HPCAO.tmp---> Offset = 0
C:\Program Files\MSI\MSI Gaming APP\Lib\BIOSData\is-OT0KV.tmp---> Offset = 0
Other behavior
Behavior description:Creates mutexes
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
MSCTF.Shared.MUTEX.IBI
Behavior description:Hides a specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导,TApplication]
Behavior description:Searches for a specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description:Window information
details:Pid = 2068, Hwnd=0x202c2, Text = 选择安装期间要使用的语言:, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x202d4, Text = 中文 (简体), ClassName = TNewComboBox.
Pid = 2068, Hwnd=0x202d8, Text = 确定, ClassName = TNewButton.
Pid = 2068, Hwnd=0x202d6, Text = 取消, ClassName = TNewButton.
Pid = 2068, Hwnd=0x402bc, Text = 选择安装语言, ClassName = TSelectLanguageForm.
Pid = 2068, Hwnd=0x102ee, Text = 许可协议, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102ec, Text = 请在继续之前阅读以下重要信息。, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102e8, Text = 请阅读以下许可协议。在继续安装之前,你必须接受此协议的条款。, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x202d0, Text = End User Terms and Conditions By installing the following MSI Gaming App ( "Software" ), you accept and agree to the following, ClassName = TRichEditViewer.
Pid = 2068, Hwnd=0x102e6, Text = 我接受协议(&A), ClassName = TNewRadioButton.
Pid = 2068, Hwnd=0x102e4, Text = 我不接受协议(&D), ClassName = TNewRadioButton.
Pid = 2068, Hwnd=0x202b0, Text = C:\Program Files\MSI\MSI Gaming APP, ClassName = TEdit.
Pid = 2068, Hwnd=0x102e2, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 2068, Hwnd=0x102e0, Text = 取消, ClassName = TNewButton.
Pid = 2068, Hwnd=0x502d6, Text = 安装向导 - MSI Gaming APP, ClassName = TWizardForm.
Behavior description:Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Enumerates windows
details:N/A